The plaintiffs accuse Capital One and GitHub of failing to protect customers’ personal information and say that both companies need to be held responsible for their role in the data breach. They also accuse the source-code hosting website of actively encouraging “(at least) friendly hacking”.

The Capital One breach, which occurred in March/April this year, led to the theft of the personal information of nearly 106 million customers.

The company disclosed the data breach late last month, admitting that a hacker illegally accessed its systems and was able to steal the personal information of a large number of customers.

The hacker supposedly exploited a firewall misconfiguration in an Amazon Cloud storage service used by Capital One and went on to post the stolen data on GitHub in April.

According to the lawsuit, the Capital One hack details were available on GitHub from 21 April 2019 to mid-July before they were removed from the site. Capital One only became aware of it on 17 July.

“GitHub knew or should have known that obviously hacked data had been posted to GitHub.com,” the lawsuit said.

It claimed that GitHub had violated the federal Wiretap Act by allowing the hacker(s) to upload and store stolen details of people, including their Social Security numbers (SSNs), on its servers.

“GitHub had an obligation, under California law, to keep off (or to remove from) its site Social Security numbers and other Personal Information,” the suit said.

The plaintiffs also provided a link to a GitHub repository named “Awesome Hacking” in support of their claim that GitHub is involved in “friendly hacking”.

A GitHub spokesperson told Business Insider that the information posted on GitHub didn’t contain any bank account details, SSNs, or any other reportedly stolen personal information.

The company said that the information related to the Capital One data hack was removed promptly after it received a request from Capital One to remove such content.

The GitHub spokesperson also stated that it is the company’s policy to quickly remove any content that is found to be violating the terms of service of the website.
